Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6624 | 1 Pnphpbb | 1 Pnphpbb | 2017-09-29 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in printview.php in PNphpBB2 1.2i and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter. | |||||
| CVE-2007-6632 | 1 Xml2owl | 1 Xml2owl | 2017-09-29 | 6.8 MEDIUM | N/A |
| showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter. | |||||
| CVE-2007-6637 | 1 Adobe | 1 Flash Player | 2017-09-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1. | |||||
| CVE-2007-6638 | 1 March Networks | 1 3204 Dvr | 2017-09-29 | 10.0 HIGH | N/A |
| March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz. | |||||
| CVE-2007-6639 | 1 Iptbb Team | 1 Iptbb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewdir action. | |||||
| CVE-2007-6647 | 1 W-agora | 1 W-agora | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2007-6648 | 1 Sanybee Gallery | 1 Sanybee Gallery | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in SanyBee Gallery 0.1.0 and 0.1.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter. | |||||
| CVE-2007-6649 | 1 Matpo Bilder Galerie | 1 Matpo Bilder Galerie | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/tumbnail.php in MatPo Bilder Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter. | |||||
| CVE-2007-6652 | 1 Xcms | 1 Xcms | 2017-09-29 | 7.5 HIGH | N/A |
| cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo_0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb (aka the XCMS footer). | |||||
| CVE-2007-6653 | 1 Mihalism | 1 Multi Host | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in download.php in Mihalism Multi Host 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2007-6654 | 1 Macrovision | 1 Update Service | 2017-09-29 | 9.3 HIGH | N/A |
| Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5.1.100.47363 allows remote attackers to execute arbitrary code via a long string in the ProductCode argument (second argument) to the DownloadAndExecute method, a different vulnerability than CVE-2007-0321, CVE-2007-2419, and CVE-2007-5660. | |||||
| CVE-2007-6655 | 1 Matpo Bilder Galerie | 1 Kontakt Formular | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/function.php in Kontakt Formular 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | |||||
| CVE-2007-6656 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter. | |||||
| CVE-2007-6657 | 1 Mihalism | 1 Multi Host | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in source/includes/load_forum.php in Mihalism Multi Forum Host 3.0.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mfh_root_path parameter. | |||||
| CVE-2007-6663 | 2 Joomla, Pragmatic Utopia | 2 Joomla, Pu Arcade | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arcade (com_puarcade) 2.0.3, 2.1.2, and 2.1.3 Beta component for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter to index.php. | |||||
| CVE-2007-6664 | 1 Webportal | 1 Webportal Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter. | |||||
| CVE-2007-6665 | 1 Netchemia | 1 Oneschool | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL allows remote attackers to execute arbitrary SQL commands via the txtLoginID parameter. | |||||
| CVE-2007-6666 | 1 Zenphoto | 1 Zenphoto | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter. | |||||
| CVE-2007-6667 | 1 Myphp | 1 Myphp Forum | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the member.php vector is already covered by CVE-2005-0413. | |||||
| CVE-2007-6681 | 1 Videolan | 1 Vlc | 2017-09-29 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file. | |||||
| CVE-2007-6682 | 1 Videolan | 1 Vlc | 2017-09-29 | 7.5 HIGH | N/A |
| Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter. | |||||
| CVE-2007-6683 | 1 Videolan | 1 Vlc | 2017-09-29 | 5.0 MEDIUM | N/A |
| The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) an EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability. | |||||
| CVE-2007-6684 | 1 Videolan | 1 Vlc | 2017-09-29 | 5.0 MEDIUM | N/A |
| The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference. | |||||
| CVE-2007-6702 | 1 Goahead Software | 2 Fs4104-aw Device, Goahead Webserver | 2017-09-29 | 5.0 MEDIUM | N/A |
| goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603. | |||||
| CVE-2007-6712 | 1 Kernel | 1 Linux Kernel | 2017-09-29 | 4.9 MEDIUM | N/A |
| Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux kernel 2.6.21-rc4, when running on 64-bit systems, allows local users to cause a denial of service (infinite loop) via a timer with a large expiry value, which causes the timer to always be expired. | |||||
| CVE-2007-6717 | 1 Ibm | 1 Aix | 2017-09-29 | 7.2 HIGH | N/A |
| Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2008-0016 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-29 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link. | |||||
| CVE-2008-0047 | 2 Apple, Cups | 3 Mac Os X, Mac Os X Server, Cups | 2017-09-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions. | |||||
| CVE-2008-0053 | 1 Apple | 1 Cups | 2017-09-29 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file. | |||||
| CVE-2008-0069 | 1 Pierreegougelet | 1 Xnview | 2017-09-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long FontName parameter in a slideshow (.sld) file, a different vector than CVE-2008-1461. | |||||
| CVE-2008-0089 | 1 Clip-share | 1 Clipshare | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in uprofile.php in ClipShare allows remote attackers to execute arbitrary SQL commands via the UID parameter. | |||||
| CVE-2008-0091 | 1 Agency4net | 1 Webftp | 2017-09-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2008-0099 | 1 Myphp Forum | 1 Myphp Forum | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the searchtext parameter to search.php, and unspecified other vectors. | |||||
| CVE-2008-0129 | 1 Siteatschool | 1 Siteatschool | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in starnet/addons/slideshow_full.php in Site@School 2.3.10 and earlier allows remote attackers to execute arbitrary SQL commands via the album_name parameter. | |||||
| CVE-2008-0133 | 1 Thomas Perez | 1 Tribisur | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to cat_main.php and the (2) cat parameter to forum.php in a liste action. | |||||
| CVE-2008-0137 | 1 Snetworks | 1 Php Classifieds | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter. | |||||
| CVE-2008-0138 | 1 Xoops | 1 Xoopsgallery Module | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter. | |||||
| CVE-2008-0140 | 1 Uebimiau | 1 Webmail | 2017-09-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172. | |||||
| CVE-2008-0141 | 1 Webportal | 1 Webportal Cms | 2017-09-29 | 7.5 HIGH | N/A |
| actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action. | |||||
| CVE-2008-0142 | 1 Webportal | 1 Webportal Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors. | |||||
| CVE-2008-0143 | 1 Spacial Audio Solutions | 2 Sam Broadcaster, Samphpweb | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as provided with SAM Broadcaster, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parameter. | |||||
| CVE-2008-0144 | 1 Phprisk | 1 Netrisk | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences. | |||||
| CVE-2008-0147 | 1 Smallnuke | 1 Smallnuke | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action. | |||||
| CVE-2008-0154 | 1 Evilboard | 1 Evilboard | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to execute arbitrary SQL commands via the c parameter. | |||||
| CVE-2008-0155 | 1 Evilboard | 1 Evilboard | 2017-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to inject arbitrary web script or HTML via the c parameter. | |||||
| CVE-2008-0157 | 1 Flexbb | 1 Flexbb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie. | |||||
| CVE-2008-0158 | 1 Shop-script | 1 Shop-script | 2017-09-29 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter. | |||||
| CVE-2008-0159 | 1 Eggblog | 1 Eggblog | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie. | |||||
| CVE-2008-0177 | 1 Kame | 1 Ipcomp | 2017-09-29 | 7.8 HIGH | N/A |
| The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header. | |||||
| CVE-2008-0187 | 1 Spacial Audio Solutions | 1 Samphpweb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the songid parameter. | |||||
